Australian Privacy Principles (APP) compliance summary for “Process Feedback for Google Docs” extension

This page provides a high-level summary of how the Process Feedback for Google Docs extension aligns with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). It is provided for transparency and informational purposes only and does not replace contractual agreements or institutional terms.

APP 1 — Open and transparent management of personal information

Process Feedback maintains a public privacy policy outlining what data is collected, when, why, and how users can control or delete their data.

APP 2 — Anonymity and pseudonymity

Users are not required to create accounts to use Process Feedback.

APP 3 — Collection of solicited personal information

By default, Process Feedback operates using a local-first design. No personal data is collected unless a user explicitly chooses to share a report. Please read more about how our extensions work.

APP 4 — Dealing with unsolicited personal information

Any unintended personal information contained within shared documents is processed only as part of the educational artefact and retained in accordance with defined retention limits or deleted earlier upon request.

APP 5 — Notification of the collection of personal information

Users are informed at the point of sharing about what data is collected, the purpose of collection, and their ability to delete the shared report at any time.

APP 6 — Use or disclosure of personal information

Personal information is used only to operate and support the service and to meet contractual or legal obligations.

APP 7 — Direct marketing

Process Feedback does not use personal data for marketing purposes.

APP 8 — Cross-border disclosure of personal information

Production infrastructure is hosted on Cloudflare in the United States. Cross-border transfers are governed by institutional Data Processing Agreements containing contractual safeguards. No personal data is transferred to third-party processors.

APP 9 — Adoption, use or disclosure of government related identifiers

Process Feedback does not collect government-issued identifiers.

APP 10 — Quality of personal information

Users and institutions control uploaded content and may delete or regenerate reports to ensure data accuracy.

APP 11 — Security of personal information

Process Feedback uses a local-first architecture so data remains on the user’s device unless explicitly shared. Shared data is protected with TLS encryption in transit, encrypted at rest on Cloudflare infrastructure, and accessible only through role-based, restricted staff access. Institutions may disable sharing domain-wide.

APP 12 — Access to personal information

Users and institutions may request access to stored data through in-app export tools or by contacting support.

APP 13 — Correction of personal information

Users and institutions may delete affected reports and regenerate corrected versions at any time.

We are still working on a short course for students. Please stay tuned!